US-10885525

Method and system for employing biometric data to authorize cloud-based transactions

Published: January 5, 2021
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A method and system for employing biometric data includes first and second user computing systems coupled to respective first and second biometric devices for generating biometric data. A first user of the first user computing system uses the first biometric device, thus causing a generation of first biometric data which is then used as a database index to locate and authorize access to a database zone exclusively dedicated to the first user. The first user can further access the database zone on the second user computing system, and authorize access to a portion of data within the database zone to a second user of the second user computing system.

Patent Claims
18 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for employing biometric data to authorize cloud-based data transactions and enforce cloud-based data security comprising: establishing, during a registration process, a database zone to be controlled by a user, wherein the database zone is an exclusive area of a database which is set aside for the user and further wherein the database zone is only accessible using biometric data of the user; generating authorization data by associating the biometric data of the user with the database zone; receiving first live biometric data generated through the user interacting with a first biometric device coupled to a first computing system, the first live biometric data uniquely identifying the user to which the biometric data applies, the first computing system being a system that has been previously identified as a known system; using the first live biometric data as a database index to determine and locate the database zone controlled by the user, wherein using the first live biometric data ensures that the user who controls the database zone is physically present at the first computing system; opening a secure channel between the first computing system and an authorization object responsible for securely managing access to the database zone; providing, from the first computing system using the secure channel, the first live biometric data to the authorization object; determining, by the authorization object, whether the database zone controlled by the user is associated with authorization data matching the first live biometric data to at least a predetermined degree; granting the first computing system access rights to the data stored within the database zone controlled by the user; receiving, through a user interface of the first computing system, one or more first commands from the user that trigger the performance of one or more first operations on data stored within the database zone controlled by the user, wherein at least one of the commands is a copy 
data command which copies at least a portion of data stored within the database zone controlled by the user to a temporary storage location within the database zone controlled by the user; performing, as a result of the triggering, the one or more first operations on data stored within the database zone controlled by the user; receiving second live biometric data generated through the user interacting with a second biometric device coupled to a second computing system, wherein the second live biometric data uniquely identifies the user, and further wherein the second computing system has not been previously identified as a known system; using the second live biometric data as a database index, to determine and locate the database zone controlled by the user, wherein using the second live biometric data ensures that the user who controls the database zone is physically present at the second computing system; determining, by the authorization object, that the database zone controlled by the user is associated with authorization data matching the second live biometric data to at least a predetermined degree; granting the second computing system access rights to the data copied to the temporary storage location within the database zone controlled by the user; receiving, through a user interface of the second computing system, one or more second commands from the user that trigger the performance of one or more second operations on the data copied to the temporary storage location within the database zone controlled by the user; performing, as a result of the receiving one or more second commands, the one or more second operations on the data copied to the temporary storage location within the database zone controlled by the user; receiving results data resulting from performance of the one or more operations on the data copied to the temporary storage location within the database zone controlled by the user.

2. The method of claim 1 wherein the one or more commands received at either of the first computing system or the second computing system include one or more commands selected from a group of commands consisting of: a copy command; a transfer command; a delete command; an insert command; and a command to move at least a portion of the data into a database zone controlled by an owner of the second computing system.

3. The method of claim 1 wherein at least one of the first live biometric data and the second live biometric data are selected from the group of biometric data consisting of: fingerprint data; palm print data; retina data; facial recognition data; and iris recognition data.

4. The method of claim 1 wherein granting the first computing system access rights to the data stored within the database zone controlled by the user comprises: granting, if the authorization object determined that a database zone controlled by a user is associated with authorization data matching the first live biometric data to at least a predetermined degree, a first user rights to data of the database zone, based on the first live biometric data and predetermined rights data associated with the authorization data; denying access, by the authorization object to the first user, following a determination that there is no database zone controlled by a user associated with authorization data matching the first live biometric data to at least a predetermined degree.

5. The method of claim 4 wherein opening a secure channel between the first computing system and an authorization object responsible for securely managing access to one or more database zones comprises: opening, by a security application program on the first computing system, a secure channel between the application program of the first computing system and an authorization object responsible for securely managing access to one or more database zones.

6. The method of claim 1 further comprising receiving third live biometric data from a third biometric device coupled to the second computing system, wherein generation of at least one of the second or third live biometric data requires that a first user be in physical contact with the second computing system, and further wherein granting the second computing system access rights to the data copied to the temporary storage location comprises: determining, by the authorization object, that a database zone controlled by a user is associated with first authorization data matching the second live biometric data to at least a predetermined degree; determining, by the authorization object, that the third live biometric data matches second authorization data to at least a predetermined degree; and thirdly accessing, by the second computing system using the second live biometric data as a database index, following the authorization object determining that a database zone controlled by a user is associated with authorization data matching the first live biometric data to at least a predetermined degree, and also following the authorization object determining that the third live biometric data matches second authorization data to at least a predetermined degree, the data copied to the temporary storage location.

7. A system for employing biometric data to authorize cloud-based data transactions and enforce cloud-based data security comprising: one or more computing processors; and one or more memories coupled to the one or more computing processors, the one or more memories having stored therein processor executable instructions which when executed by the one or more computing processors, perform a process comprising: establishing, during a registration process, a database zone to be controlled by a user, wherein the database zone is an exclusive area of a database which is set aside for the user and further wherein the database zone is only accessible using biometric data of the user; generating authorization data by associating the biometric data of the user with the database zone; receiving first live biometric data generated through the user interacting with a first biometric device coupled to a first computing system, the first live biometric data uniquely identifying the user to which the biometric data applies, the first computing system being a system that has been previously identified as a known system; using the first live biometric data as a database index to determine and locate the database zone controlled by the user, wherein using the first live biometric data ensures that the user who controls the database zone is physically present at the first computing system; opening a secure channel between the first computing system and an authorization object responsible for securely managing access to the database zone; providing, from the first computing system using the secure channel, the first live biometric data to the authorization object; determining, by the authorization object, whether the database zone controlled by the user is associated with authorization data matching the first live biometric data to at least a predetermined degree; granting the first computing system access rights to the data stored within the database zone controlled by the user; 
receiving, through a user interface of the first computing system, one or more first commands from the user that trigger the performance of one or more first operations on data stored within the database zone controlled by the user, wherein at least one of the commands is a copy data command which copies at least a portion of data stored within the database zone controlled by the user to a temporary storage location within the database zone controlled by the user; performing, as a result of the triggering, the one or more first operations on data stored within the database zone controlled by the user; receiving second live biometric data generated through the user interacting with a second biometric device coupled to a second computing system, wherein the second live biometric data uniquely identifies the user, and further wherein the second computing system has not been previously identified as a known system; using the second live biometric data as a database index, to determine and locate the database zone controlled by the user, wherein using the second live biometric data ensures that the user who controls the database zone is physically present at the second computing system; determining, by the authorization object, that the database zone controlled by the user is associated with authorization data matching the second live biometric data to at least a predetermined degree; granting the second computing system access rights to the data copied to the temporary storage location within the database zone controlled by the user; receiving, through a user interface of the second computing system, one or more second commands from the user that trigger the performance of one or more second operations on the data copied to the temporary storage location within the database zone controlled by the user; performing, as a result of the receiving one or more second commands, the one or more second operations on the data copied to the temporary storage location within the 
database zone controlled by the user; receiving results data resulting from performance of the one or more operations on the data copied to the temporary storage location within the database zone controlled by the user.

8. The system of claim 7 wherein the one or more commands received at either of the first computing system or the second computing system include one or more commands selected from a group of commands consisting of: a copy command; a transfer command; a delete command; an insert command; and a command to move at least a portion of the data into a database zone controlled by an owner of the second computing system.

9. The system of claim 7 wherein at least one of the first live biometric data and the second live biometric data are selected from the group of biometric data consisting of: fingerprint data; palm print data; retina data; facial recognition data; and iris recognition data.

10. The system of claim 7 wherein granting the first computing system access rights to the data stored within the database zone controlled by the user comprises: granting, if the authorization object determined that a database zone controlled by a user is associated with authorization data matching the first live biometric data to at least a predetermined degree, a first user rights to data of the database zone, based on the first live biometric data and predetermined rights data associated with the authorization data, denying access, by the authorization object to the first user, following a determination that there is no database zone controlled by a user associated with authorization data matching the first live biometric data to at least a predetermined degree.

11. The system of claim 10 wherein opening a secure channel between the first computing system and an authorization object responsible for securely managing access to one or more database zones comprises: opening, by a security application program on the first computing system, a secure channel between the application program of the first computing system and an authorization object responsible for securely managing access to one or more database zones.

12. The system of claim 7 further comprising receiving third live biometric data from a third biometric device coupled to the second computing system, wherein generation of at least one of the second or third live biometric data requires that a first user be in physical contact with the second computing system, and further wherein granting the second computing system access rights to the data copied to the temporary storage location comprises: determining, by the authorization object, that a database zone controlled by a user is associated with first authorization data matching the second live biometric data to at least a predetermined degree; determining, by the authorization object, that the third live biometric data matches second authorization data to at least a predetermined degree; and thirdly accessing, by the second computing system using the second live biometric data as a database index, following the authorization object determining that a database zone controlled by a user is associated with authorization data matching the first live biometric data to at least a predetermined degree, and also following the authorization object determining that the third live biometric data matches second authorization data to at least a predetermined degree, the data copied to the temporary storage location.

13. A system for employing biometric data to authorize cloud-based data transactions and enforce cloud-based data security comprising: a first user computing system having a first biometric device coupled thereto, the first biometric device configured to create biometric data representative of a characteristic of a user of the first user computing system; a second user computing system having a second biometric device coupled thereto, the second biometric device configured to create biometric data representative of a characteristic of a user of the second user computing system; a database coupled to the first and second user computing systems, and further coupled to an authorization object, the authorization object configured to govern access to database zones of the database; the system configured to: establish, during a registration process, a database zone to be controlled by a user, wherein the database zone is an exclusive area of a database which is set aside for the user and further wherein the database zone is only accessible using biometric data of the user; generate authorization data by associating the biometric data of the user with the database zone; receive first live biometric data generated through the user interacting with the first biometric device, the first live biometric data uniquely identifying the user to which the biometric data applies, the first computing system being a system that has been previously identified as a known system; use, by the first user computing system, the first live biometric data as a database index to determine and locate the database zone controlled by the user, wherein using the first live biometric data ensures that the user who controls the database zone is physically present at the first computing system; open a secure channel between the first computing system and an authorization object responsible for securely managing access to the database zone; provide, from the first computing system using the secure 
channel, the first live biometric data to the authorization object; determine, by the authorization object, whether the database zone controlled by the user is associated with authorization data matching the first live biometric data to at least a predetermined degree; grant the first computing system access rights to the data stored within the database zone controlled by the user; receive, through a user interface of the first user computing system, one or more first commands from the user that trigger the performance of one or more first operations on data stored within the database zone controlled by the user, wherein at least one of the commands is a copy data command which copies at least a portion of data stored within the database zone controlled by the user to a temporary storage location within the database zone controlled by the user; perform, as a result of the triggering, the one or more first operations on data stored within the database zone controlled by the user; receive second live biometric data generated through the user interacting with the second biometric device, the second live biometric data uniquely identifying the user, and further wherein the second computing system has not been previously identified as a known system; use the second live biometric data as a database index, to determine and locate the database zone controlled by the user, wherein using the second live biometric data ensures that the user who controls the database zone is physically present at the second computing system; determine, by the authorization object, that the database zone controlled by the user is associated with authorization data matching the second live biometric data to at least a predetermined degree; grant the second computing system access rights to the data copied to the temporary storage location within the database zone controlled by the user; receive, through a user interface of the second computing system, one or more second commands from the user 
that trigger the performance of one or more second operations on the data copied to the temporary storage location within the database zone controlled by the user; perform, as a result of the receiving one or more second commands, the one or more second operations on the data copied to the temporary storage location within the database zone controlled by the user; receive results data resulting from performance of the one or more operations on the data copied to the temporary storage location within the database zone controlled by the user.

14. The system of claim 13 wherein the one or more commands received at either of the first user computing system or the second user computing system include one or more commands selected from a group of commands consisting of: a copy command; a transfer command; a delete command; an insert command; and a command to move at least a portion of the data into a database zone controlled by an owner of the second computing system.

15. The system of claim 13 wherein at least one of the first live biometric data and the second live biometric data are selected from the group of biometric data consisting of: fingerprint data; palm print data; retina data; facial recognition data; and iris recognition data.

16. The system of claim 13 wherein granting the first computing system access rights to the data stored within the database zone controlled by the user comprises: granting, if the authorization object has determined that a database zone controlled by a user is associated with authorization data matching the first live biometric data to at least a predetermined degree, the first user rights to data of the database zone, based on the first live biometric data and predetermined rights data associated with the authorization data; and denying access, by the authorization object to the first user, following a determination that there is no database zone controlled by a user associated with authorization data matching the first live biometric data to at least a predetermined degree.

17. The system of claim 16 wherein opening a secure channel between the first user computing system and the authorization object responsible comprises: opening, by a security application program on the first user computing system, a secure channel between the application program of the first user computing system and an authorization object responsible for securely managing access to one or more database zones.

18. The system of claim 13 further comprising receiving third live biometric data from a third biometric device coupled to the second user computing system, wherein generation of at least one of the second or third live biometric data requires that a first user be in physical contact with the second user computing system, and further wherein granting the second computing system access rights to the data copied to the temporary storage location comprises: determining, by the authorization object, that a database zone controlled by a user is associated with first authorization data matching the second live biometric data to at least a predetermined degree; determining, by the authorization object, that the third live biometric data matches second authorization data to at least a predetermined degree; and thirdly accessing, by the second user computing system using the second live biometric data as a database index, following the authorization object determining that a database zone controlled by a user is associated with authorization data matching the first live biometric data to at least a predetermined degree, and also following the authorization object determining that the third live biometric data matches second authorization data to at least a predetermined degree, the data copied to the temporary storage location.

Patent Metadata

Filing Date: September 20, 2017

Publication Date: January 5, 2021

Cite as: Patentable. “Method and system for employing biometric data to authorize cloud-based transactions” (US-10885525). https://patentable.app/patents/US-10885525

Method and system for employing biometric data to authorize cloud-based transactions — Faraz Sharafi | Patentable